OneDev up to 4.0.2 KubernetesResource REST Endpoint path traversal


A vulnerability classified as critical has been found in OneDev up to 4.0.2 (CVE-2021-21251). The affected code is the tar extraction that the KubernetesResource REST endpoint performs on user-controlled request-body data through io.onedev.commons.utils.TarUtils, a wrapper around Apache Commons Compress. Entry names are not validated during extraction, so an archive entry whose name contains ../ segments (or an absolute path) can traverse out of the target directory and overwrite an existing file ("zip slip", CWE-22), which amounts to arbitrary file write. Exploitation requires a valid JobToken, so the bug is only directly reachable by callers that already hold one; because TarUtils ships in a separate artifact, other projects that extract archives with it are affected as well. Upgrading to version 4.0.3, which checks that every extracted path stays inside the destination folder, eliminates this vulnerability. VulDB rates it CVSS v3 base 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L); NVD rates it 8.8 (same vector with C:H/I:H/A:H).

Entry history (one column per revision; "unchanged" repeats the value to its left, "-" means the field was not set in that revision):

Field | 01/16/2021 09:29 AM | 02/15/2021 02:44 AM | 02/15/2021 02:47 AM
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | L | L | L
cvss3_vuldb_ui | N | N | N
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | L | L | L
cvss3_vuldb_i | L | L | L
cvss3_vuldb_a | L | L | L
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | C | C | C
url | https://github.com/theonedev/onedev/security/advisories/GHSA-2w6j-wc8c-9mq2 | unchanged | unchanged
name | Upgrade | Upgrade | Upgrade
upgrade_version | 4.0.3 | 4.0.3 | 4.0.3
cve | CVE-2021-21251 | CVE-2021-21251 | CVE-2021-21251
name | OneDev | OneDev | OneDev
version | <=4.0.2 | <=4.0.2 | <=4.0.2
component | KubernetesResource REST Endpoint | unchanged | unchanged
cwe | 22 (directory traversal) | unchanged | unchanged
risk | 2 | 2 | 2
date | 1610751600 (01/16/2021) | unchanged | unchanged
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_ci | P | P | P
cvss2_vuldb_ii | P | P | P
cvss2_vuldb_ai | P | P | P
cvss2_vuldb_rc | C | C | C
cvss2_vuldb_rl | OF | OF | OF
cvss2_vuldb_au | S | S | S
cvss2_vuldb_e | ND | ND | ND
cvss3_vuldb_e | X | X | X
cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5
cvss2_vuldb_tempscore | 6.5 | 5.7 | 5.7
cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3
cvss3_vuldb_tempscore | 6.3 | 6.0 | 6.0
cvss3_meta_basescore | 6.3 | 6.3 | 7.5
cvss3_meta_tempscore | 6.3 | 6.0 | 7.2
price_0day | $0-$5k | $0-$5k | $0-$5k
cve_assigned | - | 1608591600 (12/22/2020) | unchanged
cve_nvd_summary | - | see NVD summary below | unchanged
confirm_url | - | https://github.com/theonedev/onedev/security/advisories/GHSA-2w6j-wc8c-9mq2 | unchanged
cvss3_nvd_av | - | - | N
cvss3_nvd_ac | - | - | L
cvss3_nvd_pr | - | - | L
cvss3_nvd_ui | - | - | N
cvss3_nvd_s | - | - | U
cvss3_nvd_c | - | - | H
cvss3_nvd_i | - | - | H
cvss3_nvd_a | - | - | H
cvss2_nvd_av | - | - | N
cvss2_nvd_ac | - | - | L
cvss2_nvd_au | - | - | S
cvss2_nvd_ci | - | - | P
cvss2_nvd_ii | - | - | P
cvss2_nvd_ai | - | - | P
cve_cna | - | - | GitHub, Inc.
cvss2_nvd_basescore | - | - | 6.5
cvss3_nvd_basescore | - | - | 8.8

NVD summary (cve_nvd_summary, added 02/15/2021 02:44 AM):

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library method leveraging Apache Commons Compress. During the untar process, there are no checks in place to prevent an untarred file from traversing the file system and overriding an existing file. For a successful exploitation, the attacker requires a valid JobToken which may not be possible to get without using any of the other reported vulnerabilities. But this should be considered a vulnerability in `io.onedev.commons.utils.TarUtils` since it lives in a different artifact and can affect other projects using it. This issue was addressed in 4.0.3 by validating paths in tar archive to only allow them to be in specified folder when extracted.
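Worked example of the bug class described in the NVD summary, added to this entry; it is not code from OneDev, TarUtils or VulDB. OneDev's TarUtils is Java on Apache Commons Compress, but the missing check is language-independent, so the demonstration below uses Python's standard tarfile module. It builds a constructed tar archive containing a `../` entry, shows a naive extractor (the pre-4.0.3 pattern: join the entry name onto the destination and write) placing the file outside the destination, and a hardened extractor in the spirit of the 4.0.3 fix that resolves every entry against the destination and refuses anything that escapes. All function names are mine.

```python
import io
import tarfile
from pathlib import Path


def build_tar(entries):
    """Build a tar archive in memory from {entry_name: bytes}.

    Constructed sample input: an attacker would POST such an archive to the
    endpoint; here we only need the bytes. Entry names are stored verbatim,
    so '../x' and '/etc/x' survive into the archive.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def untar_naive(archive, dest):
    """Vulnerable extraction: the entry name is joined onto dest and used as-is.

    This mirrors the missing check the advisory describes: nothing verifies
    that the joined path still lies under dest, so '../escaped.txt' is
    written to dest's parent directory. Returns the resolved paths written.
    """
    dest = Path(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for member in tf:
            if not member.isfile():
                continue
            target = dest / member.name          # no containment check
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tf.extractfile(member).read())
            written.append(target.resolve())
    return written


def safe_target(dest, name):
    """Return the resolved path for `name` under `dest`, or raise if it escapes.

    Resolving both sides defeats '..' segments, absolute entry names (pathlib
    discards dest when name is absolute) and symlinks already present in dest.
    """
    root = Path(dest).resolve()
    target = (root / name).resolve()
    if target != root and root not in target.parents:
        raise ValueError(f"tar entry escapes destination: {name!r}")
    return target


def untar_safe(archive, dest):
    """Hardened extraction: every entry must resolve inside dest.

    All entries are validated before anything is written, so a bad archive
    leaves dest untouched. Symlink and hardlink entries are rejected, since
    an attacker could otherwise plant a link and then write through it.
    """
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        members = tf.getmembers()
        for member in members:                   # validation pass
            if member.issym() or member.islnk():
                raise ValueError(f"link entry not allowed: {member.name!r}")
            if member.isfile():
                safe_target(dest, member.name)
        written = []
        for member in members:                   # extraction pass
            if not member.isfile():
                continue
            target = safe_target(dest, member.name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tf.extractfile(member).read())
            written.append(target)
    return written
```

Python 3.12 (and the backports to 3.8.17+, 3.9.17+, 3.10.12+, 3.11.4+) provides the same containment and link checks built in via `TarFile.extractall(path, filter="data")`; the explicit version above is what to write when the archive library in use, like the Commons Compress wrapper in this advisory, offers no such filter.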
